COUNTY OF FAIRFAX, VIRGINIA OFFICE OF FINANCIAL AND ... · COUNTY OF FAIRFAX, VIRGINIA OFFICE OF...

COUNTY OF FAIRFAX, VIRGINIA OFFICE OF FINANCIAL AND

PROGRAM AUDIT

FAIRFAX COUNTY BOARD OF SUPERVISORS AUDITOR OF THE BOARD

www.fairfaxcounty.gov/boardauditor

March 2017 Quarterly Report

1 | P a g e

2 | P a g e

Table of Contents

PENSION PLANS REVIEW (FOLLOW-UP) ............................................................................ 3

CONSULTANTS / CONTRACTORS STAFF REVIEW ............................................................. 14

STAFF INITIATED TRAINING REVIEW .............................................................................. 21

TIME AND ATTENDANCE REVIEW ................................................................................... 28

APPENDICES .................................................................................................................. 31

LIST OF ACRONYMS ....................................................................................................... 34

OFPA%20Quarterly%20Report%20(March%202017).docx#Pension

OFPA%20Quarterly%20Report%20(March%202017).docx#Consultants

OFPA%20Quarterly%20Report%20(March%202017).docx#Training

OFPA%20Quarterly%20Report%20(March%202017).docx#Attendance

OFPA%20Quarterly%20Report%20(March%202017).docx#Appenicies

OFPA%20Quarterly%20Report%20(March%202017).docx#Acronyms

3 | P a g e

PENSION PLAN REVIEW (FOLLOW-UP)

OBSERVATIONS AND ACTION PLAN

BACKGROUND

The purpose of this study was to review the pension funds which serves as a secure source of

retirement income. The Total Assets for the three retirement plans for fiscal year (FY) 2016 were

~$6.5B. The FY 2016 employer contribution for each of the three retirement systems was

~$261M. The prior quarter’s review included assessing controls over fees put forth by fund

managers, the inclusion of these fees in relevant documents and the reconciliation support

(Transaction, Asset and Accrual, General Ledger Detail Reports, and etc.) provided by BNY

Mellon Bank. The periods of review were FY 2015 and FY 2016. As requested by the Audit

Committee, The Office of Financial and Program Audit (OFPA) worked with the Retirement

Administration Agency (RAA) to develop a scope and work plan to assist in performing the

review. The results of this study may not highlight all of the risks/exposures, process gaps,

revenue enhancements and/or expense reductions which could exist in the area. Items reported

are those which could be assessed within the scheduled timeframe and scope.

SCOPE AND METHODOLOGY

The scope of this study included, but not limited to; assessing contract compliance between Fairfax

County Government, External Fund Managers, and the custodian bank (BNY Mellon). This included

an assessment and review of service delivery by the above mentioned vendors. Additionally, as

requested by the Audit Committee, we performed an assessment of the system of internal controls

employed by Fairfax County. We also performed an assessment of how RAA tracks and monitors

fund managers’ contract compliance. This process was facilitated through substantive tests of

supporting documentation and the respective contracts. As part of this review we liaised with the

Office of the County Attorney to confirm their participation in the review of the external counsel’s

candidacy. As per conversations with RAA, the hiring process of the RAA counsel has been

relegated to the Office of the County Attorney. Lastly, included in this study was an analysis of

the miscellaneous and management fees. This follow up review was a more in-depth analysis of

the controls over the source documentation; e.g. the reconciliation support (Transaction, Asset and

Accrual, General Ledger Detail Reports, and etc.) provided by BNY Mellon Bank. The periods of

this review were FY 2015 thru EY 2016. We performed this study on a sample basis. Staff

reviewed and made recommendations where applicable.

Retirement benefits for employees of Fairfax County (the County) are provided through three

separate defined benefit public retirement systems, they are:

1. Employees' Retirement System: For County employees not served by the other two systems and

Schools employees not served by the Virginia Retirement System and the Fairfax County

Educational Employees Supplementary Retirement System.

2. Uniformed Retirement System: Fire and Rescue personnel, Uniformed Sheriff employees,

Helicopter Pilots, and certain staff in Public Safety Communications.



4 | P a g e

3. Police Officers Retirement System: Sworn Police Officers.

Three separate Boards of Trustees are responsible for carrying out the provisions of each of the

three pension plans (plans) as established by County ordinance. This includes establishing the

investment administration, objectives, strategies, policies, and investing assets for their respective

plans.

Under the direction of the Boards of Trustees, the RAA is responsible for the day-to-day functions

of the Plans. RAA staff implements the strategies and policies established by the Boards and

ensure timely delivery of member services and benefits. RAA staff oversees investment

management firms employed by each of the three Boards and ensures adherence to the plans’

executed contracts.

Pension Plan Funding

The plans receive funding through:

• Employee contributions based on a fixed percentage of pay.

• Employer (County) contributions based on a variable percentage of employee pay as

determined by actuarial analyses.

• Returns on plan investments.

The County’s Board of Supervisors approves the employer contribution rates as part of the annual

budget process. Annual actuarial analyses are conducted for each plan and actuarial experience

studies are performed every five years. For each analysis evaluations are made on rate of return

for the investments of the plans. The required annual contribution rate is determined by other

financial and demographic factors of the County.

For FY 2016, the Police Retirement System increased by 0.9%; the fund for general County

employees declined by 0.4%; and the Uniformed Retirement System was down by 0.9%. As a

result, pension contributions by the County disbursed from the general fund budget were higher

than prior years. These funds were utilized to meet the retirement plan obligations. Over the

past two years, performance of the three retirement systems was below the 7.25% target.

Performance at these levels increases the net pension liability for the County.

Schedule of Net Pension Liability (3 Retirement Plans)

Retirement Plans Plan Fiduciary Net Position %age (2016)

Employees Retirement System 70.2%

Police Officers Retirement System 81.4%

Uniform Retirement System 77.2%

Investment Responsibility

RAA Investment Plans are monitored and overseen by each Plan’s Board of Trustees. The Trustees

rely on RAA for strategic advice, implementation and management/oversight of the contracted

investment managers. Included in the plan contracts and memorandums are Investment Policies.

These Policies detail investment objectives, guidelines and performance standards. RAA staff

oversees the contracted investment managers’ performance.

5 | P a g e

RAA staff does not perform direct buy/sell investment activity. There are 85 contracted

investment managers across the three Systems. Of these 85 investment managers, 22 serve more

than one Plan and six serve all three. Approximately 65% of RAA accounts are commingled funds

and 35% are separate accounts. Lists of Fund Managers are provided in Appendices A, B, and C.

RAA staff has procured a consulting firm (Judge Consult Inc.) to perform operational due diligence

on Fund Managers prior to them being on-boarded. This practice commenced approximately two

years ago. RAA is currently in the process of performing a look-back on Fund Managers on-

boarded prior to the implementation of this practice.

The County contracts with the firm (Cherry Bekaert LLP) to conduct annual financial audits and

related disclosures reported in the Retirement System Comprehensive Annual Financial Report

(CAFR). KPMG LLP was the County’s accounting firm until FY 2015. At the conclusion of the

annual financial audit, Cherry Bekaert LLP provides the County with an opinion as to the

assurance of the accuracy of the statements. Including, whether or not the statements were

reported in compliance with Generally Accepted Accounting Principles (GAAP) in all material

respects. OFPA relied on the information reported in the CAFRs of the Retirement Systems for our

study.

Our audit approach included interviewing; internal staff, custodian and external fund contacts.

Also to facilitate the review process, OFPA observed employees' work functions, performed

detailed transaction testing, and evaluated the processes holistically for compliance with internal

controls, regulations, and departmental policies and procedures.

OFPA conducted a data-driven risk assessment tailored to the County’s operating environment

related to the review of pension plans. OFPA also reviewed the departmental procedures to

ensure the processes employed were holistic and complete.

OBJECTIVES AND RESULTS

Business Objectives Study Assessment

Investment Target Performance on RAA Systems Over 20-year Horizon Satisfactory

Errors and Omissions Professional Liability Insurance Maintained Satisfactory

Oversight of Fund Manager Fees Needs Improvement

Review of Contracts by External/Internal Counsel Needs Improvement

Completeness of BNY Mellon Transaction Detail Reports Needs Improvement

Control Summary

Good Controls Weak Controls

Investment Performance targets of

(7.5%) were achieved for all three

plans over a 20-year horizon as of FY

2015.

Updated copies of Professional

Liability Insurance maintained by RAA

Sole reliance is on service providers to

compile expenses for the commingled

funds.

6 | P a g e

Control Summary


which is a compliance standard for the

contract.

The full repository of fund contracts

have not been reviewed by

internal/external counsel.

Transaction Detail Reports provided by

BNY Mellon are incomplete.

Aggregate information is provided by

the managers of the commingled funds.

This process limits the ability of either

BNY Mellon or RAA to vouch /verify

the accuracy of the related

transactions.

OBSERVATION(S) AND ACTION PLAN(S)

The following table(s) detail observation(s) and recommendation(s) from this study along with

management’s action plan(s) to address these issue(s).

7 | P a g e

Fairfax County

Office of Financial and Program Audit

Oversight of Fund Manager Fees

Risk Ranking MEDIUM

As reported in a prior quarter’s study, OFPA observed some plan expenses were compiled and remitted

by the managers of the commingled funds without complete source documentation. Substantive testing

also revealed a majority of these fund expenses were netted against the performance of the funds.

These back-office processes were performed by the investment manager without intervention/oversight

by RAA management or BNY Mellon. As part of an after-event process, BNY Mellon forwards a

reconciliation package to RAA. As a reasonableness test, RAA reviews and vouches aggregate data.

This process reduces staff ability to assess the reasonableness of the fund expenses submitted by each

manager of the commingled funds. Expense support is not provided with this package. As per OFPA’s

interview with a BNY Mellon representative, no review of these expenses are performed by their staff.

Therefore, sole reliance is on the managers of the respective commingled funds to record accurate

expense and income items. The independent third party service providers for the funds also participate

in the review and validation of the expenses and income for the funds.

All fund managers’ performances are evaluated based on their portfolios’ returns net of fees. For managers which RAA has separate accounts, Senior Investment Officers review the monthly/quarterly statements for accuracy (including fees charged). For commingled funds, RAA does not have visibility for all fees at a transactional level. Commingled funds are assets from several accounts that are blended together. RAA receives annual financial statements for these commingled funds. Reliance is on the funds’ auditors, custodial banks, third-party administrators, and directors/trustees for determining the accuracy of fees and other data. Audited financial statements for management companies/general partners that are privately owned entities are not available.

As visibility to source data and subsidiary ledgers which support the Audited Financial Statements of the funds of the Retirement System would be beneficial to the review process by RAA, consideration should be given to updating the contract language to include a “Right-to-Audit” clause.

RAA has undergone a reorganization whereby an existing position has been converted into an Investment Operations Manager. Onboarding for this position has already taken place. The Investment Operations Manager’s responsibilities include (but not limited to) improving on RAA’s accounting and record keeping practices, and obtaining/retaining custodial bank source documentation.

Of the 85 investment managers, we selected 15 to perform substantive testing on the plan expenses.

We obtained the expense support (source documentation, compilation and methodology) for plan

expenses submitted by the respective funds to RAA. The results of the substantive testing are as follows:

7 fund managers reported accurate fee assessments as per the contract.

8 fund managers’ plan expenses were netted against dividends from the (sale of investments,

redeemed shares, and/or realized returns). Complete supporting documentation was not

provided to the County Retirement staff. There was no transparency for these transactions. Sole

8 | P a g e

reliance is on the respective managers and independent third party service providers for the

commingled funds, to ensure the accuracy of these transactions.

Recommendation

OFPA recommends RAA request that the managers of commingled funds remit all supporting

documentation for assessed fund expenses. This information should be maintained in a repository in

accordance with the County’s record retention policy. As a review of all these expenses would not be

manageable or feasible at the current staff level, we also recommend that validation is performed on a

sample basis. Requiring that these documents be submitted and maintained would provide RAA staff

with the needed information to facilitate the recommended review. It would also give the fund manager

the perception that oversight is being performed and that RAA is validating the fund expenses.

OFPA also recommends that consideration is given to having RAA staff work with the procured external

counsel (when on-boarded) to draft and include in all Fund Managers’ contract a provision for a “Right-to-

Audit” clause. A Right-to-Audit clause would provide visibility to source data and subsidiary ledgers

which support the Audited Financial Statements of the funds of the Retirement Systems. This would be

beneficial to the review process by RAA.

Action Plan

Point of Contact Target Implementation Date Email Address

Jeffrey Weiler

1st July 2019

[email protected]

MANAGEMENT RESPONSE:

Commingled funds have an external administrator (who values their positions and calculates their

performance), independent Board of Directors, external legal counsel and external auditor (which

produces annual financial statements detailing assets under management, fees, expenses, performance,

etc.).

Prior to the recommendations made by OFPA, RAA contacted all fund managers and requested a detailed

breakdown of fees by month for each fund and that they provide additional ongoing transparency regarding

fees and expenses.

RAA will enhance the existing fee based reconciliation process to include a more complex analysis of

commingled fund fees through the use of software and / or applications designed to forecast expected charges

based on fund data. We will ask that all fund managers deliver the data required for such analysis in a

systematic way and with as much transparency as their infrastructure will allow. RAA will review forecasted

charges against actual charges and address and remedy variances as soon as they are discovered. RAA will also

review existing documentation of contractual charges for all fund managers in order to properly structure a

mailto:[email protected]

9 | P a g e

forecast model for analysis. Based on the efforts already taken in this endeavor, RAA will execute the enhanced

fee reconciliation for all funds July 1, 2018. RAA anticipates milestones every six months, beginning with

systematic data delivery from fund managers coinciding with internal infrastructure design and deployment.

There will be continuous validation on a sample basis until all funds have been integrated into the new process,

and ultimately, the July 1st, 2019 deployment of the enhancement.

Separately, Staff is exploring working with an external consultant to conduct a thorough analysis annually of a

handful of commingled funds’ audited financial statements. The goal would be to confirm management and

incentive fees paid by the fund to the general partner, monitor the level of assets that the general partner

redeems from the fund (if any), monitor the level of assets of the limited partnership itself, calculate fund

expense ratios (on a best efforts basis), monitor instrument liquidity and monitor potential strategic

investments made by the fund.

10 | P a g e

Fairfax County


Review of Contracts by External/Internal Counsel

Risk Ranking MEDIUM

Offering documents and agreements for RAA’s Plan Funds contain important information regarding

investing in the fund, investment strategies, investment guidance, domestic versus international,

investment risks, fees/expenses, and fund managers’ conflicts of interest. A fund may also be invested

in derivatives (such as options and futures) and use short-selling (selling a security it does not own) to

increase its potential returns. This could likewise increase the potential gain or loss from an

investment. As these investment strategies require increased oversight, review and sign-off of contract

language is important to protect the interest of the County. The Office of the County Attorney worked

with RAA in regard to creating an RFP for external counsel to review investment contracts. This

decision was based on the assertion that reviews of this type require specialized expertise. The Office

of the County Attorney does not employ counsel with this type of legal expertise. The RAA concurs

with the approach whereby an RFP which includes the specifications reflected in the investment

counsel services contract awarded to the Virginia Retirement System (VRS). As there is benefit to

having external counsel review and sign-off on contract language prior to an agency entering into

contracts, this process has not been performed holistically for the RAA agency over the past several

years.

Secondly, it would be beneficial to have external counsel assist RAA in evaluating conflicts of interest

disclosures completed by all fund managers. This review would allow RAA staff and external counsel to

evaluate exposure related the disclosure of proprietary information. Consideration should also be

given to the inclusion of contract language related to indemnification, confidentiality, and jurisdiction.

The development of parameters by which this language should be drafted to address the concerns of

any exposure related to these business risks for inclusion in the updated contracts would enhance the

system of controls related to the management of RAA funds. This process would assist RAA

management in assessing any related risk and/or current infractions. If these disclosures do not exist

in the current contracts, we recommend that consideration is given to having them updated to reflect

this change.

Recommendation

Aligned with the observation above, OFPA recommends the that following endeavors are undertaken by the

County Attorney’s Office and RAA;

RAA should liaise with the procured external counsel (when on-boarded) to develop a process whereby

reviews of fund manager contracts are performed for future and existing contracts.

11 | P a g e

RAA should liaise with the procured external counsel (when on-boarded) to develop a process whereby

all fund managers’ completed conflicts of interest disclosures are reviewed. Included in this process, we

also recommend that consideration is given to the inclusion of contract language related to

indemnification, confidentiality, and jurisdiction. RAA staff and the County’s counsel is in the process of

developing parameters by which this language should be drafted to address the concerns of any

exposure related to these business risks.

Action Plan


Jeffrey Weiler

Gail Langham

Benjamin Jacewicz

31st December 2017

[email protected]

[email protected]

[email protected]


RAA’s design of a complete and comprehensive strategic partnership risk mitigation process is underway.

Legal review of new and existing contracts is a critical step in the on-boarding of fund managers as well as the

review of those already utilized. RAA concurs with OFPA’s recommendation and assessment and will work

with the County Attorney’s Office to procure external counsel by the calendar year end 2017, if not sooner.

Once procured, RAA and legal counsel will build a thorough and comprehensive process of legal structure

analysis, indemnification and all pertinent fiduciary constructs for investing with care.




12 | P a g e

Fairfax County


BNY Mellon Transaction Report that Details Transactions by Category

Risk Ranking LOW

Our review of BNY Mellon’s Transaction Report revealed incomplete transaction detail. Included in the report

submitted to RAA is summarized transaction information by category. This report should include all transaction

details for Fund Manager activity. These summary activities are compiled based on; dividend income, interest

income, proceeds from sales of investments, investment management and other plan fees, stock loan income, and

etc. We worked with a BNY Mellon representative to understand the discrepancies identified in this report. Our

contact could not explain or reconcile the differences. RAA staff were advised of this issue, they are actively

working with the custodian bank to reconcile these issues on a going forward basis.

We also observed that Investment Manager fees did not populate in the BNY Mellon Transaction Detail Report for

eight of the Fund Managers. Expenses were netted against dividends from the (sale of investments, redeemed

shares, and/or realized returns). Complete supporting documentation was not provided to the County Retirement

staff. In many instances only the Net Asset Value of investments held at the custodian bank populated in the

reports. As limited transparency related to these transactions are provided, sole reliance is on the respective

managers and independent third party service providers of the commingled funds to ensure the accuracy of these

transactions.

Recommendation

OFPA recommends RAA endeavor to work with the Custodian to reconcile BNY Mellon’s month-end reconciliation to

the respective expensed management fees utilizing the requested support discussed in the recommendation above.

Consideration should be given to reconcile the differences and develop procedures to identify process gaps for

one-time fixes. This information should be utilized to improve the accuracy of reporting going forward.

Action Plan


Jeffrey Weiler

1st July 2018

[email protected]


RAA worked with Mellon to determine the extent to which they could provide further detail in the transaction

report extracted from the Workbench application the custodian provides. Because the custodian’s purpose is to

custody assets and not to formulate any kind of investment calculation, Mellon must rely on the data submitted

from fund managers. Most of the funds held by RAA are commingled funds, of which RAA is only a percentage

owner. Because of this, fund managers report to Mellon only that which relates to RAA’s accounts, and portion

of the total investment, in the form of summary activity. Commingled funds do not transact on an investor

level, but instead, on the fund level. Therefore, summary is all Mellon is able to post to Workbench, and all that


13 | P a g e

is extracted and utilized in RAA’s reconciliation processes. The summary is RAA’s portion of the NAV (Net Asset

Value) of the fund and is always net of fees. Reconciliations are performed by both Mellon and RAA, in order to

highlight differences in NAV and to report fund performance to the Boards. Material differences and a detailed

breakdown of the cause of the difference is done by Mellon through their reconciliation process between

themselves and the fund managers, a report of which is given to RAA.

As such, Mellon is unable to post more transaction detail unless provided by the fund managers. RAA will

survey the fund manager’s capability and continue to work with Mellon to post any additional details that could

be provided.

RAA has already instructed Mellon how to change the way they are posting certain items like share redemptions

that reflect the payment of management fees. RAA will request that Mellon modify existing methods of

transaction posting (to the best of their ability) and will supplement the custodian’s reports with additional

detail, when possible. RAA will also continue to monitor and reconcile the custodian and fund manager data

and action variances, with a target date of July 1st, 2018 for more robust and prolific reporting by the custodian

and reconciliation process by RAA.

14 | P a g e

CONSULTANTS / CONTRACTORS STAFF REVIEW


BACKGROUND

The purpose of this review was to assess the nature, extent, allowability, and reasonableness of

consulting and contractor costs to the County. For the purpose of this study,

consultants/contractors were defined as persons who are members of a particular profession or

possess a special skill and who were not officers or employees of the County. The study included

consultant costs charged directly to contracts, and those charged through indirect pools such as;

overhead and administrative expenses.

This study was conducted as Phase III of an ongoing process whereby we initially worked with

selected agencies/departments. Two agencies/departments were selected for review this period,

they were; Department of Cable and Consumer Services (DCCS) and the Office of Emergency

Management (OEM). The results of this study may not highlight all of the risks/exposures, process

gaps, revenue enhancements and/or expense reductions which could exist in the area. Items

reported are those which could be assessed within the scheduled timeframe and scope.

Included in the Fairfax County Code are; the terms and conditions for constructing, standards for cable television operations, and the County's authority to administer the fulfillment of the franchise requirements. The Fairfax County Code was revised in January 2001 to include provisions that better promote cable system competition in Fairfax County and improve customer service standards enforcement.


The goal of this study was to assess staffing levels, assignments, hiring practices for

consultants/contractors. During the execution of the work plan for this study, we realized that no

repository existed whereby a complete list of consultants was detailed. Information related to the

employees sampled was limited to the timeframe for which FOCUS was implemented. These

anomalies resulted in OFPA staff restructuring the method by which we evaluated the processes

and controls utilized to practice direct oversight with respect to the above mentioned attributes.

Given the instances above, OFPA staff did; vouch vendor billings, validated the related support

provided before disbursements, the procurement process for consultants/contractors, system

access for consultants/contractors, background validation, onboarding for consultants/contractors,

contract compliance and service delivery, a review of the disbursement register to validate that

remittances were made to only approved vendors (including taking discounts and timely

payments), and other related attributes.

Our audit approach included interviewing appropriate staff, reviewing consultant work functions,

substantive transaction testing, and evaluating the processes for compliance with sound internal

controls, regulations, and departmental policies and procedures. OFPA staff conducted a data-

driven risk assessment tailored to the County’s operating environment related to the

15 | P a g e

consultants/contractors review. OFPA staff also reviewed the agencies/departments procedures

to ensure the process employed was holistic and complete.

Lastly, with the assistance of DPMM and FBSG, OFPA was provided access to Spikes Cavell (The

Observatory). This software is a modular suite of data-driven online tools that have been

designed to meet the unique requirements of the public sector delivered as a cloud based service.

OFPA utilized this tool to extract the total population of contractors procured by the County to

select a sample for substantive testing. The selected sample was also utilized to extract a test

group of consultants (staff augmentation) for the above mentioned attributes.

Oversight of the County’s consultants/contractors is decentralized as the management, cost

reconciliation and hiring is relegated to the agencies/departments. No repository existed which

housed a listing of all County consultants/contractors which could be utilized to track and monitor

the process by an independent party.



Controls Over the Procurement of Consultants/Contractors Satisfactory

Tracking of Service Delivery Satisfactory

Updated Certificates of Insurance for Vendors – DCCS & DPMM Needs Improvement

Additional Insurer in Insurance Certificate – DCCS & DPMM Needs Improvement

Control Summary


Agencies/departments work directly

with DPMM to procure the vendors and

services. As subject matter experts in

the area of procurement, DPMM

provides competent guidance.

The respective agencies/departments

verify agreed upon service deliveries

based on contracted criteria.

Maintenance of Updated Certificates

of Insurance for vendors. – DCCS &

DPMM

Fairfax County, its elected and

appointed officials, officers, boards,

commissions, commissioners, agents,

and employees included as additional

insured parties in insurance

certificates. – DCCS & DPMM




16 | P a g e

Fairfax County


Updated Vendor Certificates of Insurance – DPMM

Risk Ranking LOW

When an institution contracts with a vendor for materials, equipment, supplies, or services, that vendor’s

activities and the goods provided create an inherent liability risk to the institution. By obtaining an

appropriate certificate of insurance and maintaining it on file, the institution has evidence that insurance

has been obtained which transfers risks associated with the business relationship with the vendor from the

institution to the insurer.

Substantive testing of OEM & DCCS contracts revealed 3 out of 8 (or 38%) of the Certificates of

Insurance existed but the policies had expired (Lee Hartman and Sons Inc., Trinity Video Communications,

and ManTech International Corporation). Additionally, certificates of insurance for one vendor (Digital

Video Inc.) was not maintained. As per our interview with Risk Management, updated copies of these

documents should be maintained by the County. We were also informed that it is the responsibility of the

agencies that have contracting authority to ensure that these documents remain current in the respective

files. Further to this issue, we were also informed by Risk Management that language should be included

in the contracts to inform vendors of their responsibility to forward updated Certificates of Insurance to

the County if and when they expire. Efforts should be made to address this issue holistically and as

mentioned above, a mechanism should be developed to monitor and update these documents in the files

as needed.

Recommendation

OFPA recommends that DPMM work with vendors to obtain updated Certificates of Insurance documents

and include them in contract files. Processes should be developed to ensure that these files remain

updated.

We also recommend that consideration is given to including in the contract templates, language informing

vendors of their responsibility to forward updated Certificates of Insurance to the County if and when

they expire.

Action Plan


Cathy Muse

31st August 2017

[email protected]


17 | P a g e


Management concurs with the observation and recommendation. Staff is currently in the process of

obtaining current certificates of liability insurance which are not in the files. We are also in the process

of drafting language regarding certificate updates for inclusion in the contracts as they renew.

18 | P a g e

Fairfax County


Updated Vendor Certificates of Insurance – DCCS

Risk Ranking LOW

When an institution contracts with a vendor for materials, equipment, supplies, or services, that vendor’s

activities and the goods provided create an inherent liability risk to the institution. By obtaining an

appropriate certificate of insurance and maintaining it on file, the institution has evidence that insurance

has been obtained which transfers risks associated with the business relationship with the vendor from the

institution to the insurer.

A sample of DCCS contract files revealed that an updated Certificate of Insurance was not on file at the

department. As per our interview with Risk Management, updated copies of these documents should be

maintained by the County. We were also informed that it is the responsibility of the agencies to ensure

that these documents remain current in the respective files. Further to this issue, we were also informed

by Risk Management that language should be included in the contracts to inform vendors of their

responsibility to forward updated Certificates of Insurance to the County if and when they expire.

Triggered by this review, an updated certificate has been obtained for the vendor identified in OFPA’s

sample. Efforts should be made to address this issue holistically and as mentioned above, a mechanism

should be developed to monitor and update these documents in the files as needed.

Recommendation

OFPA recommends that DCCS work with vendors to obtain updated Certificates of Insurance documents

and include them in contract files. Processes should be developed to ensure that these file remain

updated.

Action Plan


Michael S. Liberman

Rebecca L. Makely

(Implemented)

15th February 2017

[email protected]

[email protected]


DCCS maintains the Certificates of Liability Insurance on file and has instituted a procedure with timed

reminders to ensure that each cable operator submits a new certificate when the current one expires, and

to review each certificate for compliance.


19 | P a g e

Fairfax County


Insured Entities Recorded on the Certificate - DCCS

Risk Ranking LOW

All commercial general liability insurance policies shall name the County, its elected and appointed

officials, officers, boards, commissions, commissioners, agents, and employees as additional insured

parties.

The County, it’s elected and appointed officials, officers, boards, commissions, commissioners, agents, and

employees were not included on the Comcast Certificate of Liability Insurance; as additional insured

parties. In the event of a lawsuit whereby the vendor was negligent, including the County on the

certificate should facilitate the process of recovery. Further to the benefits of this process, the

responsibility of both legal and financial coverage (for the County) from the Insurance Company will be

documented.

Recommendation

OFPA recommends that DCCS work with the Insurer to include the County, its elected and appointed


parties.

Action Plan


Michael S. Liberman

Rebecca L. Makely

(Implemented)

16th February 2017

[email protected]

[email protected]


DCCS obtained the updated Certificate of Liability Insurance from Comcast Corporation which includes the

County of Fairfax as an Additional Insurer.


20 | P a g e

Fairfax County


Insured Entities Recorded on the Certificate - DPMM

Risk Ranking LOW

All commercial general liability insurance policies shall name the County, its elected and appointed


parties.

The Certificates of Liability Insurance (Leap Frog Solutions, Inc. and ManTech International Corporation) did

not detail the County, its elected and appointed officials, officers, boards, commissions, commissioners,

agents, and employees as additional insured parties. In the event of a lawsuit whereby the vendor was

negligent, including the County on the certificate should facilitate the process of recovery. Further to the

benefits of this process, the responsibility of both legal and financial coverage (for the County) from the

Insurance Company will be documented.

Recommendation

OFPA recommends that DPMM work with the Insurer to include the County, its elected and appointed


parties.

Action Plan


Cathy Muse

31st August 2017

[email protected]


Management is in the process of liaising with vendors to have contracts updated with the County as an

additional insurer. This update is not applicable for all of the County’s contracts; to that end, the updates

will be made where appropriate.


21 | P a g e

STAFF INITIATED TRAINING REVIEW


BACKGROUND

At the request of the Audit Committee (AC), the Staff Initiated Training study was added to the

March 2017 work plan. The purpose of this review was to determine, on a sample basis, if

training initiated by employees and paid for by the County was aligned with their Position

Descriptions (PD) and/or job functions. To facilitate this review, OFPA reviewed a sample of

trainings procured outside of the County. For the purpose of this review training included;

seminars, conferences, meetings, and certifications. The results of this study may not highlight

all of the risks/exposures, process gaps, revenue enhancements and/or expense reductions

which could exist in the area. Items reported are those which could be assessed within the

scheduled timeframe and scope.


The scope of this study included, but not limited to the assessment of controls employed to

manage staff initiated training. To facilitate this study, OFPA performed substantive testing on a

sample of the training expenses. Testing the overall practices related to the approval and

monitoring of staff initiated training was relegated to compliance with control best practices (as

deemed by OFPA), as no current County policy for training exists. To that end, we obtained

disbursement registers for FY 2015 and FY 2016 from the Department of Finance (DOF). These

files were data mined to extract training related expenditures agency wide. OFPA selected a

total sample of 100; 50 General Ledger (GL) expenditures and 50 Procurement Card (P-Card)

expenditures. The periods of review of this study were FY 2015 and FY 2016. The test samples

were chosen utilizing a random selection and judgment. These samples were then reviewed to

assess if training expensed to the County was deemed appropriate for the staff’s job

description. Supporting documentation for these samples were obtained from FOCUS and the

related agencies/departments. This information was utilized to assess the appropriateness of

the trainings and approvals.

While reviewing the training supporting documentation, OFPA assessed if the training was local

or non-local. The local and non-local trainings include other expenses such as; airfare, lodging,

meals, mileage and etc. These were reviewed to assess compliance with the guidelines and

standards in Procedural Memorandum No. 06-03 (Fairfax County’s Travel Policies and

Procedures). OFPA also reviewed the accounting for these expenses by the

agencies/departments.

22 | P a g e



Staff Initiated Training Properly Approved Satisfactory

Supporting Documentation for Staff Initiated Training Satisfactory

Approved County Staff Initiated Training Policy - DHR Unsatisfactory

Training Aligned with Employee’s Position Description - DFS Needs Improvement

Approval of Reimbursable Expenses – Circuit Court Needs Improvement

Control Summary


Training approved by appropriate

parties.

Supporting documentation for staff

initiated training retained by agencies/

departments.

Lack of an approved training policy which

details uniform guidelines and/or

standards. - DHR

Assessment of available training from the

County prior to the approval of staff

initiated external training. - DFS

Proper use of the DOF guidance on the

use of approval for travel not in

compliance. – Circuit Court




23 | P a g e

Fairfax County


County-Wide Training Policy

Risk Ranking LOW

As per information provided by Office of Development and Training (OD&T), no policy documents exist which

details guidance for external training taken by County staff. Testing the overall practices related to the approval

and monitoring of staff initiated training was regulated to compliance with best practices as deemed by OFPA.

A policy of this type could be utilized to address concerns related to staff’s request and management’s approval

of non-traditional courses. The sample testing revealed several instances whereby training attended by

employees did not align with their job descriptions. To further our review, OFPA liaised with OD&T to determine

if similar courses are offered by the County. We were able to identify several courses in EmployeeU that related

to these trainings that were attended by staff.

Recommendation

OFPA recommends that consideration be given to developing and implementing a Training Policy which would

provide standards and guidelines to be utilized by all County agencies/departments. This policy would assist

management in minimizing the procurement of non-essential and non-appropriate staff initiated training which

is expensed to the County.

Action Plan


Cathy Spage

Robin Baker

1st July 2017

[email protected]

[email protected]


To date, the County has not had a policy for training as it has primarily been a decentralized activity

dependent upon the individual agencies understanding their business requirements. In recent years, the

County has moved toward providing more robust training programs through the Department of Human

Resources (DHR) Organizational Development and Training (OD&T) Division. For the most part, agencies

have had little flexibility to do specialized training given budget constraints, and large undertakings have

required approval from other County leadership and the Department of Management and Budget.

In response to the recommendation (above) we have drafted a new policy that is general but essentially

directs agency staff to consult OD&T on new training initiatives. DHR has created many close connections

with our partners in the agency, which we utilize to ensure consistency and standards. Therefore, our intent



24 | P a g e

is to review the policy with the executive staff and once approved utilize our existing communication

channels to share the new policy. This includes adding it to the OD&T website; distributing it in the HR

Managers meeting; discussing it in the OD&T Community of Practices; and distributing it to all Training

Administrators and Coordinators.

Any questions can be directed to Robin Baker, Division Chief for OD&T or Cathy Spage, HR Director.

25 | P a g e

Fairfax County


Training Aligned with Employee’s Position Description - DFS

Risk Ranking LOW

In performing the sample testing of DFS’s staff initiated training expenses and approvals, we identified training

for staff provided by a vendor (Starr Commonwealth) on healing racism. The total cost for this training was ~

$23,576 which was attended by 5 DFS employees. We found 4 charges to this vendor within the last 5 years

totaling ~$48,575. Included in those charges was ~$24,999 related to three onsite trainings sessions for 222 DFS

employees. From a sample review of DFS employees that attended the training sessions, it was not definitively

clear that this training was a requirement for occupying their positions. As per DFS, there is no written policy on

mandatory training of this type for the agency. DFS did communicate that they have written guidance on how

division managers and supervisors initiate training. Working with OD&T, we identified several courses of this

type that were available in the EmployeeU catalog.

No exceptions were noted whereby the staff initiated training selected was not aligned with the employees

PD.

Recommendation

We recommend DFS management develop a memorandum providing guidance on the process of reviewing

EmployeeU’s course catalog. This process would assist management in identifying training on topics of interest

before procuring training from an outside vendor. The memorandum should be circulated throughout the

agency to complement the existing efforts.

Action Plan


Dana Thompson

1st May 2017

[email protected]


The “4 charges” identified by the audit “to the vendor within the last 5 years totaling $48,575” included charges

of $24,999 for three on-site (Fairfax County) training sessions for 222 DFS employees and $23,576 for a Train the

Trainer training attended by five DFS employees. The cost for the Train the Trainer was considered a financially

sound expenditure as it allowed DFS staff to continue providing this training as certified trainers themselves

precluding the need to pay vendors to provide the training. (Of note, the two aforementioned training charges

occurred prior to the FY 2015 and FY 2016 audit scope time frame.) As a result of the certified, in-house, DFS

trainers, no charges were incurred from FY 2014 onward and to date, 1400 employees have received the


26 | P a g e

training to include staff from DFS, Community Services Board (CSB), Neighborhood Community Services (NCS),

Juvenile and Domestic Relations District Court (JDRDC), at no additional cost.

The Department welcomes the opportunity to develop a memorandum providing guidance on the process to

review Employee U’s Catalog which will be circulated throughout the agency by May 1, 2017. It should be noted

that there were no comparable in-person, instructor led diversity training in existence during the period when

this training was initiated in 2011/2012, nor does any such training currently exist. In fact, a review of the

current OD&T Course Catalog: Course Descriptions 2016 and posted EmployeeU offerings only reflect on-line

courses ranging from 0.3 to 1.25 hours in length. The Department will further consult with OD&T to confirm or

clarify their diversity course offerings and availability.

27 | P a g e

Fairfax County


Approval of Reimbursable Expenses

Risk Ranking LOW

Included in this study, OFPA also reviewed training related expenses such as lodging, airfare, mileage,

taxi/shuttle, and meals. Sample substantive testing of staff initiated training revealed lodging fees expensed by

an employee which exceeded the Federal Per Diem Rate. Additionally, no authorization form was attached for

this expense as required by the Fairfax County’s Travel Policy (Procedural Memorandum No. 06-03). The

department asserted their understanding as, written authorization was only required if the expenditure

exceeded 150% of the Federal Per Diem Rate. Point of fact is, for any expense which exceeds the Federal Per

Diem Rate, an authorization form is required. In this instance the County incurred lodging charges of $676 of

which $192 more than the allowable rate was expensed.

Recommendation

As the error was due to a misinterpretation of Fairfax County’s Travel Policy, we recommend that a Fairfax

County’s Travel Policy clarifying memorandum (for reimbursable expenses) is circulated to staff.

Action Plan


Gerarda Culipher

(Implemented)

23rd January 2017

[email protected]


G8080: Thank you for this important review, and for helping identify best practices for travel authorization

processes. While our agency had understood the County’s Travel Policy on General Services Administration

(GSA) daily lodging caps to be satisfied by the County’s own “Travel Authorization Form,” we are glad to begin

sending an additional letter any time this fact-pattern presents.


28 | P a g e

TIME AND ATTENDANCE REVIEW


BACKGROUND

At the request of the Audit Committee (AC), the Time and Attendance study was added to the

March 2017 work plan. The purpose of this review was to determine on a sample basis if, staff

leave is being captured in FOCUS (HCM). Non-work hours taken during the scheduled work day

should be recorded as Annual Leave, Sick Leave, Compensation Leave if applicable, and etc.

Additionally, OFPA reviewed the controls in place to manage and approve the leave time with

agencies and their effectiveness based on the assessment. The results of this study may not

highlight all of the risks/exposures, process gaps, revenue enhancements and/or expense

reductions which could exist in the area. Items reported are those which could be assessed

within the scheduled timeframe and scope.


The scope of this study included, but not limited to assessing FOCUS (HCM) Time and

Attendance; segregation of duties, compliance with policies and procedures, supervisory

approvals, overtime and other paid leave, e.g.; compensatory, administrative, and etc. OFPA

also reviewed supporting documentation for employees’ time, this included reconciling a

sample of employees’ payroll time to data entry into FOCUS (HCM). OFPA utilized several

County personnel policies as standards by which the testing was performed.

Source data utilized to perform the testing included employees’; time records, work schedules,

and authorized approvers. With the assistance of DHR staff, Point & Click Enterprise Ad-Hoc

Query System (PEAQ) system and FOCUS (HCM) data were utilized as support for the time

reporting analysis. Election and state employees’ data was excluded from the review. Data from

the seven agencies selected was data mined for Positive Time Reporting employees only.

Positive time reporting is a process whereby an employee must record all absences and hours

worked. The process differs from Negative Time Reporting whereby the employee is only

required to report leave. Employees utilizing the Negative Time Reporting method were

excluded from this review as risks associated with this process were deemed diminished by

comparison. Sampling for this study was performed utilizing Microsoft Excel’s Random Number

Generator with some judgement. This process was designed to gain some assurance that the

sampling process was unbiased. For each employee in the sample a random month/year was

selected for testing. A list of all employees with HCM Time Approver Roles were matched

against approvals in FOCUS. Our testing also included an assessment of the appropriateness of

time categories. The periods of review were January 2015 thru December 2016.

29 | P a g e



Record Retention and Archiving Satisfactory

Updated Authorized Time Approvers Lists Satisfactory

Timekeeping Controls – FCPA Needs Improvement

Control Summary


Payroll records properly archived and

retained in accordance with Record

Retention Policy based on sample

selected.

Only authorized approvers were

identified in the sample selected.

Additionally, the authorized approver list

was complete and accurate based on a

validation process with staff.

Process of approval and data entry for

staff’s time was not adequately

segregated. – FCPA




30 | P a g e

Fairfax County


Timekeeping Controls

Risk Ranking LOW

OFPA’s review of controls re: the practices of recording time and attendance for County employees reflected

some instances whereby the data entry practices could be enhanced. The related substantive testing of the

Fairfax County Park Authority’s (FCPA) timekeeping records revealed instances whereby management initiated

and approved employee’s time in FOCUS (HCM). OFPA liaised with FCPA to assess this process. FCPA concurred

with the preliminary assessment of a control risk. As per management, there has been efforts to make

improvements to this process. As part of this review, the visibility of the control risk was highlighted.

Management also asserted that the results of this review will assist in expediting the implementation of

enhancements. There were four occurrences of this event by management. While no policy exists in the County

whereby this practice is prohibited, it does degrade the inherent control structure related to segregation of

duties.

Recommendation

Efforts should be made to have separate individuals enter and approve employees’ time. In the event this

process cannot be implemented due to some operational constraints, mitigating controls should be performed

(e.g.; whereby time entered into FOCUS is reconciled each pay period to the source documentation).

Evidence of review and approval should be documented, approved and maintained as evidence of compliance

with this effort.

Action Plan


Diane Roteman

Janet Burns

31st August 2017

[email protected]

[email protected]


Management has issued memorandums in the past requesting that staff comply with the initiative of entering

and approving time worked. FCPA also has over 20 FOCUS Timekeepers that are able to enter employee’s time;

this list has been circulated to FCPA supervisors and managers as a resource. Given the continued infractions,

FCPA will recirculate this directive. If feasible at the existing staff levels, consideration will be made to perform

quarterly reconciliations of source documentation and data entry on a sample basis. Additionally, this issue was

discussed with the FCPA leadership team so that they may monitor and reinforce the need for separation of

duties.



31 | P a g e

Fairfax County


APPENDICES

APPENDIX A

UNIFORMED RETIREMENT SYSTEM

Acadian Asset Management, Boston, MA

Anchorage Capital Group, New York, NY

AQR Capital Management, Greenwich, CT

Ashmore Investment Management, London, UK

BlueCrest Capital Management, London, UK

BNY Mellon Cash Investment Strategies, Pittsburgh, PA

Brandywine Global Investment Management, Philadelphia, PA

Bridgewater Associates, Westport, CT

Cohen & Steers Capital Management, New York, NY

Criterion Capital Management, San Francisco, CA

Czech Asset Management, L.L.P., Old Greenwich, CT

Davidson Kempner Institutional Partners, LP, New York, NY

DoubleLine Capital, Los Angeles, CA

Garcia Hamilton & Associates, Houston, TX

Gresham Investment Management, LLC, New York, NY

Harbourvest Partmers, LLC. Boston, MA

JP Morgan Investment Management, New York, NY

King Street Capital Management, LLC, New York, NY

Manulife Asset Management, Boston, MA

Marathon Asset Management, London, UK

Millennium Management, LLC, New York, NY

OrbiMED Healthcare Fund Management, New York, NY

Pantheon Ventures, Inc., San Francisco, CA

Parametric Portfolio Advisors, Edina, MN

PIMCO, Newport Beach, CA

Siguler Guff & Co. LP, New York, NY

Starboard Value and Opportunity, LTD., New York, NY

Systematica Investments Limited, Geneva, Switzerland

UBS Realty Investors, LLC., Hartford, CT

Wellington Management Co., LLP, Boston, MA

32 | P a g e

Fairfax County


APPENDIX B

EMPLOYEES' RETIREMENT SYSTEM

Aberdeen Asset Management Inc., Philadelphia, PA


Axiom Investors, Greenwich, CT

BlackRock Inc., San Francisco, CA


Brandywine Global Investment Management, Philadelphia, PA



Columbia Wanger Asset Management, Chicago, IL

Czech Asset Management, L.P., Old Greenwich, CT

DePrince, Race & Zollo, Winterpark, FL

DoubleLine Capital, L.P., Los Angeles, CA

Dyal Capital Partners, New York, NY

Eagle Trading Systems, Inc., Princeton, NJ

Emerging Sovereign Group, LLC, New York, NY

First Eagle Investment Management, New York, NY

Hoisington Investment Management Co., Austin, TX

JP Morgan Investment Management, New York, NY

Lazard Asset Management, LLC., New York, NY

LSV Asset Management, Chicago, IL

Marathon Asset Management, London, UK

Marathon Asset Management, New York, NY

Millennium Management, LLC, New York, NY

Nicholas Company, Milwaukee, WI



Post Advisory Group, Los Angeles, CA

QMS Capital Management, LP, Durham, NC

Quantative Management Associates, Newark, NJ

Pzena Investment Management, New York, NY

Research Affiliates, LLC, Newport Beach, CA

Sands Capital Management, Arlington, VA

Shenkman Capital Management, New York, NY

Stark Investments, St. Francis, WI

WCM Asset Management, Laguna Beach, CA

33 | P a g e

Fairfax County


APPENDIX C

POLICE OFFICERS RETIREMENT SYSTEM

Acadian Asset Management, Boston, MA


BlackRock, San Francisco, CA

BlueCrest Capital Management, London, UK




Czech Asset Management, Old Greenwich, CT

DoubleLine Capital, Los Angeles, CA

Dyal Capital Partners, New York, NY

Emerging Sovereign Group, LLC, New York, NY

First Eagle Investment Management, New York, NY

King Street Capital Management, LLC, New York, NY

Loomis Sayles & Co, Boston, MA

Oaktree Capital Management, Los Angeles, CA



Sands Capital Management, Inc., Arlington, VA

Solus Alternative Asset Management, L, New York, NY

Starboard Value and Opportunity, LTD., New York, NY

Systematica Investments Limited, Geneva, Switzerland

WCM Asset Management, Laguna Beach, CA

34 | P a g e

LIST OF ACRONYMS AC Audit Committee

BOS Board of Supervisors

CAFR Comprehensive Annual Financial Report

CSB Community Services Board

DCCS Department of Cable and Consumer Services

DFS Department of Family Services

DHR Department of Human Resources

DOF Department of Finance

DOT Department of Transportation

DPMM Department of Procurement and Material Management

EY End of Year

FBSG FOCUS Business Support Group

FCPA Fairfax County Park Authority

FY Fiscal Year

GAAP Generally Accepted Accounting Principles

G/L General Ledger

GSA General Services Administration

HCM Human Capital Management

JDRDC Juvenile and Domestic Relations District Court

NAV Net Asset Value

NCS Neighborhood Community Services

OD&T Office of Development and Training

OEM Office of Emergency Management

OFPA Office of Financial and Program Audit

P-Card Procurement Card

PD Position Description

PEAQ Point & Click Enterprise Ad-Hoc Query System

PM Procedural Memorandum

RAA Retirement Administration Agency

RFP Request for Proposal

VMF Vendor Master File

VRS Virginia Retirement System

35 | P a g e

36 | P a g e

Date post:	24-Jun-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

COUNTY OF FAIRFAX, VIRGINIA OFFICE OF FINANCIAL AND ... · COUNTY OF FAIRFAX, VIRGINIA OFFICE OF...

Documents